How can I check if a remote UDP port is open by using native C++? Since UDP is connection-less, calling connect() is not helpful. I cannot try binding it since it is not local. nmap also cannot indicate it (however, netstat can find out, but I think it looks at internal information about open ports/files). Is there any way to detect it? If I go a layer down to the network level, is it possible to send an ICMP message from C++ to check port-unreachable status? I mean, would that give enough information on port status?
Platform is Linux.
I assume that you are trying to determine whether or not a UDP port on a remote machine is being passed through a firewall and/or has an application running on it.
You cannot reliably determine this. The closest you can come is to try sending a series of small datagrams to that address and port, spaced about 1 second apart for about 10 seconds.
If there are no firewalls blocking the port and no application is running, then the remote system might send back ICMP_UNREACH_PORT (port unreachable). If there are no blocking firewalls and the remote system is down, a router might send back ICMP_UNREACH_HOST or ICMP_UNREACH_NET. If a firewall is blocking you, it might send back ICMP_UNREACH_FILTER_PROHIB, but most firewalls don't send back anything.
The odds of getting any of those back are pretty slim because most firewalls block that sort of ICMP feedback. Even if an ICMP message does come back, Linux generally does not let you see it unless you are running as root. Some operating systems will report ICMP errors as a failure of the next sendto() to the same address/port, which is why you need to repeat the message several times. But some do not, in which case you must open a specific ICMP port and parse any return messages.
Even if you do somehow get an ICMP message, understand that they are not reliable. For example, you could get ICMP_UNREACH_PORT even though an application is not only listening, but actively sending you data. (That's rare, but I've seen it happen.)
If an application is running on the given port and if you know what that application is and if you know how to craft a message which will cause that application to respond to you, then doing so and getting a response is the best indication that the port is open. But getting no response means nothing: maybe the port is blocked, maybe the application is not running, or maybe it just didn't like your message.
Bottom line: no, not really.
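The repeated-datagram probe described in the answer above, as an added example that is not part of the original posts. It relies on Linux reporting an ICMP port unreachable for a connected UDP socket's own flow as ECONNREFUSED on a later send() or recv(); probe_udp and UdpState are names made up for this sketch, and the host must be a dotted-quad IPv4 address (an assumption, no DNS lookup is done).

```cpp
#include <arpa/inet.h>
#include <cerrno>
#include <cstdint>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

// NoAnswer is not "open" and not "closed": it carries no information at all.
enum class UdpState { Responded, PortUnreachable, NoAnswer, Error };

// Sends up to `tries` one-byte datagrams and waits `wait_ms` after each one
// for either a reply or an ICMP error queued on the socket.
UdpState probe_udp(const char* host, uint16_t port, int tries = 10, int wait_ms = 1000) {
    sockaddr_in dst{};
    dst.sin_family = AF_INET;
    dst.sin_port = htons(port);
    if (inet_pton(AF_INET, host, &dst.sin_addr) != 1) return UdpState::Error;

    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return UdpState::Error;
    // connect() on UDP sends nothing; it only fixes the peer, so the kernel can
    // hand ICMP errors for this flow back to the socket as errno values.
    if (connect(fd, reinterpret_cast<sockaddr*>(&dst), sizeof dst) < 0) {
        close(fd);
        return UdpState::Error;
    }

    UdpState result = UdpState::NoAnswer;
    const char payload = 0;
    for (int i = 0; i < tries && result == UdpState::NoAnswer; ++i) {
        if (send(fd, &payload, 1, 0) < 0) {
            // An ICMP error triggered by an earlier datagram can surface here.
            result = (errno == ECONNREFUSED) ? UdpState::PortUnreachable : UdpState::Error;
            break;
        }
        pollfd p{fd, POLLIN, 0};
        if (poll(&p, 1, wait_ms) <= 0) continue;  // timeout: nothing learned yet
        char buf[1500];
        if (recv(fd, buf, sizeof buf, 0) >= 0)
            result = UdpState::Responded;          // the application answered
        else
            result = (errno == ECONNREFUSED) ? UdpState::PortUnreachable : UdpState::Error;
    }
    close(fd);
    return result;
}
```

A one-byte zero payload will not make most services reply, so against a real application the payload has to be a request that service answers, as the answer says.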
There is no bulletproof way to check if a remote port is ready to receive your UDP datagrams. Since UDP is connectionless, you can just tell if the remote host is answering something meaningful to you. There may be ways to get a hint (as port scanners do), but that is nothing I would rely on in production code.